As we can clearly see on lines 25 and 35, the program uses strcpy, a function that is vulnerable to buffer overflow attacks.

Let’s change that to strncpy or snprintf.

snprintf(name, sizeof(name), "%s", buf);

snprintf(hostname, sizeof(hostname), "%s", sysInfo.nodename);

At line 50 the author left a comment about a feature that does not work. The program is trying to read the hostname variable, which was already free()’d on line 38. While we are at it, let’s uncomment lines 52 and 53.

Now the program is safe from buffer overflow, and it no longer reads a heap allocation that has already been free()’d. All is fine.

Use of vulnerable functions such as

strcpy(), strcat(), gets(), sprintf()

should always be avoided.
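The two replacements above, worked through as an added example (not code from the original program): a bounded copy built on snprintf that reports truncation, the strncpy pitfall of a missing terminator when the source fills the buffer, a bounded copy of uname(2)'s nodename in place of strcpy(hostname, sysInfo.nodename), and a heap-allocated hostname that is read before free() and then NULLed. The buffer sizes, the sample strings and the malloc(64) are constructed for the demo.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/utsname.h>

/* snprintf always NUL-terminates and writes at most dstsz bytes.
 * Returns 1 if src did not fit (truncated), 0 otherwise. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    int needed = snprintf(dst, dstsz, "%s", src);
    return needed < 0 || (size_t)needed >= dstsz;
}

/* strncpy pitfall: if strlen(src) >= n, no terminator is written.
 * Returns 1 when the 16-byte buffer ends up without a NUL, -1 if n too big. */
int strncpy_unterminated(const char *src, size_t n)
{
    char buf[16];
    if (n > sizeof(buf)) return -1;
    memset(buf, 'X', sizeof(buf));  /* poison so a missing NUL is visible */
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) == NULL;
}

/* Bounded replacement for strcpy(hostname, sysInfo.nodename). */
int get_hostname(char *out, size_t outsz)
{
    struct utsname sysInfo;
    if (uname(&sysInfo) != 0) return -1;
    return bounded_copy(out, outsz, sysInfo.nodename);
}

int main(void)
{
    char name[8];                           /* deliberately small (constructed) */
    int cut = bounded_copy(name, sizeof(name), "a-very-long-hostname");
    printf("'%s' truncated=%d unterminated=%d\n", name, cut,
           strncpy_unterminated("0123456789ABCDEF", 16));

    char *hostname = malloc(64);            /* heap buffer, as in the original */
    if (!hostname) return 1;
    if (get_hostname(hostname, 64) < 0) { free(hostname); return 1; }
    printf("hostname: %s\n", hostname);     /* last use comes BEFORE free() */
    free(hostname);
    hostname = NULL;                        /* no dangling pointer left to read */
    return 0;
}
```

Note that sizeof(hostname) is only the buffer size when hostname is an array; for a malloc()'d pointer it is the pointer size, so pass the allocated length instead, as main does with 64.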

==============================================================

A. Don’t trust the user (ever)

B. Don’t let the user poke around in the server’s shell (by carelessly exposing shell_exec() to them)

C. If there is a time you must trust the user, sanitize the user’s input, because they will try their best to break the application (watch out for fuzzers).

D. Features within the application should start, process, and finish within the application. If the application needs a feature from the shell, or has to push data into and pull data out of any other part of the server, it is too dangerous.

ex) If the web app needs to display the date, use PHP’s date() function. Don’t call the Linux shell’s date command and pull that output back into the application.

If an application lacks a feature, add it at the application level.